We are excited to announce a new minor version release of TestBox version 4.2.x. To install just use CommandBox: install testbox --saveDev or to update your TestBox installation update testbox.

This release includes two important security updates just in case you have deployed TestBox or your tests to production (TESTBOX-294 and TESTBOX-293). Please note, that you should NEVER deploy TestBox and your tests to production. It is a library for development purposes and it has no purpose in being deployed to production servers.

In addition to updating your Testbox installation, you need to update any test browser files that may be in your tests folder. The current version of the Testbox test browser can be found here: https://github.com/Ortus-Solutions/TestBox/blob/development/test-browser/index.cfm

You can avoid installing testbox in production by using the install --production CommandBox command.


Release Notes



  • TESTBOX-294 - root path in test browser not enforced (SECURITY)
  • TESTBOX-281 - request.testbox: Component ... has no accessible Member with name [$TESTID]
  • TESTBOX-290 - Turning on "Prefix serialized JSON with" in ACF causes issues in code coverage report
  • TESTBOX-293 - Force properties file to have properties extension and escape special chars (SECURITY)


  • TESTBOX-291 - refactor usage of locks for debug utility in specs